Skip to content

Instantly share code, notes, and snippets.

Filippo Valsorda FiloSottile

Block or report user

Report or block FiloSottile

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
FiloSottile / How to dump the iOS simulator
Last active Sep 17, 2019
How to dump the iOS simulator memory
View How to dump the iOS simulator

Dumping the iOS simulator memory

To audit memory or to debug with external tools it can be useful to get a dump of the running memory of an app.

To do so on a device you'll need a Jailbreak, SSH access, and gdb. See this or this.

If instead you're up to a simulated app, things are easier: apps running in the simulator are actually just native processes on your Mac OS X.

So, how to get a core dump of a Mac OS X process? Sadly gdb can't do so. Mac OS X Internals comes to the rescue with this article.

FiloSottile / 32.asm
Last active Sep 17, 2019
NASM Hello World for x86 and x86_64 Intel Mac OS X (get yourself an updated nasm with brew)
View 32.asm
; /usr/local/bin/nasm -f macho 32.asm && ld -macosx_version_min 10.7.0 -o 32 32.o && ./32
global start
section .text
push dword msg.len
push dword msg
push dword 1
mov eax, 4
View 0001-crypto-tls-support-SSLv2-compatibility-handshakes.patch
From 6ec6e3f7b176547783b2c464d54bc1a1f7d884f7 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <>
Date: Mon, 7 Dec 2015 15:44:34 +0000
Subject: [PATCH] crypto/tls: support SSLv2 compatibility handshakes
src/crypto/tls/conn.go | 103 ++++++++++++++++++++++++++++++++++++-
src/crypto/tls/handshake_server.go | 7 ++-
2 files changed, 107 insertions(+), 3 deletions(-)
FiloSottile /
Created Mar 12, 2012
Simple script to dump an IMAP folder into eml files
#!/usr/bin/env python
#-*- coding:utf-8 -*-
import imaplib
import getpass
import argparse
argparser = argparse.ArgumentParser(description="Dump a IMAP folder into .eml files")
argparser.add_argument('-s', dest='host', help="IMAP host, like", required=True)
argparser.add_argument('-u', dest='username', help="IMAP username", required=True)
FiloSottile / unchroot.c
Last active Jul 26, 2019
Code for my article about chroot jail escaping
View unchroot.c
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
int main() {
int dir_fd, x;
mkdir(".42", 0755);
dir_fd = open(".", O_RDONLY);
#! /bin/sh
GOOS=linux go build -o $2 "$1"
GOOS=linux go build -ldflags="-s -w" -o $2.-sw "$1"
upx -f --brute -o $2.upx $2
upx -f --brute -o $2.-sw.upx $2.-sw
GOOS=linux gotip build -o $2.tip "$1"
GOOS=linux gotip build -ldflags="-s -w" -o $2.tip.-sw "$1"
upx -f --brute -o $2.tip.upx $2.tip
FiloSottile / browser_request
Created Dec 12, 2013
Analysis of the new GMail image proxy
View browser_request
"accept-language": "en-US,en;q=0.8,it-IT;q=0.6,it;q=0.4",
"accept-encoding": "gzip,deflate,sdch",
"cache-control": "max-age=0",
"connection": "keep-alive",
"accept": "image/webp,*/*;q=0.8",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36",
"host": "",
"if-modified-since": "Wed, 31 Oct 2012 23:52:07 GMT"
FiloSottile / La Coscienza di un Hacker
Last active Jun 27, 2019
Traduzione in italiano dell'Hacker Manifesto
View La Coscienza di un Hacker
Questa è una traduzione in italiano del celebre Hacker Manifesto. Tutte quelle
esistenti contengono grossolani errori, perlopiù dovuti ad una carente
comprensione della materia e del periodo, o in ogni caso sono poco fedeli al
contenuto e allo spirito dell'originale. Mi auguro che questa mia traduzione non
soffra degli stessi problemi. Sail strong.
-- FiloSottile
Da: Phrack, Volume Uno, Issue 7, Phile 3 of 10
FiloSottile /
Created Jun 25, 2017
Unbound python-script to route websites over IPv4.
def init(id, cfg):
return True
def deinit(id):
return True
def inform_super(id, qstate, superqstate, qdata):
return True
domains = [
FiloSottile /
Last active Feb 28, 2019
Before GitHub implemented Stars I used to bookmark interesting repos on Pinboard with a 'github-repo' tag. This script leverages GH and Pinboard APIs to star the bookmarked repo, and if the bookmark only had that tag and the star action succeeded deletes the bookmark.
# depends on python-pinboard and
import pinboard
from getpass import getpass
import re
from github3 import login
p = pinboard.PinboardAccount(token="FiloSottile:REDACTED")
user = 'FiloSottile'
You can’t perform that action at this time.